CCPA And Data Collection: What Retailers Need To Know

As people around the world were ringing in the new year, the California Consumer Privacy Act (CCPA) went into effect, bringing an added challenge to retailers in 2020 and beyond. The CCPA signals a fundamental shift in the privacy and data management landscape and is the latest regulation to address how businesses collect and manage consumer data.

The CCPA grants residents of California the right to ask about the personal data that companies have collected about them. The goals of the CCPA are to give Californians control over their personal data and visibility into how that data is used, and to assign accountability to companies that collect personal data from residents of the state.

While the law in its current iteration only impacts companies that do business with or in the state of California, there are a couple of reasons every retailer should pay attention to CCPA. First, California is the world’s fifth largest economy. Even if your company is headquartered on the East Coast, it’s highly likely that you have customers in California; if that’s the case, you need to be compliant. In addition, research shows that approximately 80% of experts in the fraud detection and deterrence spheres see CCPA as a gateway to nationwide consumer data privacy legislation in the future.


How CCPA Changes Data Collection

Consumer data is vital to retailers, and CCPA changes the way that data is collected, analyzed and stored. However, CCPA doesn’t mean that your customer data collection must end — it simply means that your company needs to be very clear about the data it collects and why, as well as put processes in place for providing that information to the customer.

Unsure where to start? Consider these tips:

  1. American consumers are already highly cautious of their personal data being collected by companies, making it extremely important that you do everything possible to foster trust. In fact, companies surveyed in IDology’s 2019 Fraud Report revealed that the biggest casualty of large-scale breaches and settlements is the loss of customer trust. Therefore, if you need to gather personal data from users, you should, but only collect the information you really need, and don’t ask for information when you don’t have a clear, immediate use for it.
  1. Your business should have a comprehensive privacy policy in place already, but CCPA requires you to go beyond that document. To comply with the regulation, you must alert users of their data privacy rights at the point you collect their personal information.
  2. If you haven’t had personal data requests from California consumers yet, it’s only a matter of time. These verifiable consumer requests (VCRs) are one of the most challenging aspects CCPA poses to retailers. In order to provide consumers with access to the personal information held on them, you must engage in identity verification (IDV) to ensure the requests are not submitted by fraudsters.

In an era when organizations experience breaches routinely, fraudsters may use breached data already in their possession to initiate a VCR so they can gather even more information. This makes it critical to have a process in place that is automated, flexible enough to accommodate different types of requesters (consumers with and without password-protected online accounts, for example) and scalable enough to keep up with varying volumes of requests.

What Does The Future Hold?

Although CCPA is the latest regulation, it certainly won’t be the last. Some would argue that we’ve already entered a new era of consumer empowerment, with GDPR and CCPA being the first of many laws designed to put the consumer in the data privacy driver’s seat. Supporting this notion, IDology’s 2019 Fraud Report revealed that 80% of businesses believe CCPA will be nationalized at some point. Regardless of location, retailers will need improved identity verification methods to ensure regulatory compliance, security, scalable cost and seamless user experiences.

Consumer data privacy laws are about more than just compliance — in a world of hacks and data breaches, the organizations that are both compliant and transparent will stand out among the competition. Consider CCPA an opportunity to get in step and build trust with your customers.

Christina Luttrell is the COO for IDology, a GBG company and leader in multi-layered identity verification and fraud prevention. In her 10 years at IDology, Luttrell has significantly advanced the company’s technology, forged close relationships with IDology customers and driven the development of technology innovations that help organizations stay ahead of constantly shifting fraud tactics without impacting the customer experience. Luttrell has been recognized as one of the Top 100 influencers in identity by One World Identity. 

Feature Your Byline

Submit an Executive ViewPoints.

Featured Event

Join the retail community as we come together for three days of strategic sessions, meaningful off-site networking events and interactive learning experiences.


Access The Media Kit


Access Our Editorial Calendar

If you are downloading this on behalf of a client, please provide the company name and website information below: